Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:17715
HistoryAug 07, 2007 - 12:00 a.m.

Konqueror: URL address bar spoofing vulnerabilities

2007-08-0700:00:00
vulners.com
9
JSON

There are vulnerabilities in Konqueror that allow an attacker to
spoof the URL adddress bar.

The first example uses setInterval() call with relatively small interval
value (e.g. 0) to change window.location property. A browser is
entrapped within the attacking web site while the user thinks that
browser actually left the page.

http://alt.swiecki.net/konq2.html

The very similar problem affects Apple Safari (3.0.3) but due to
recent changes in Safari code (vide
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2398 ) it's a lot harder to
conduct a successful attack - URL address bat content changes so
frequently so the attack is revealed to the user (variants of attack are
currently under investigation).

The second one is based on the http URI scheme which allows embedding
user/password parameters into it, i.e. http://user:[email protected].
Such parameters can contain whitespaces, so the attack vector is quite
obvious.

http://alt.swiecki.net/konq3.html

Tested with Konqueror 3.5.7 on Linux 2.6

The snapshot from my dekstop:
http://alt.swiecki.net/konq3.png


Robert Swiecki

Related

prion 1
cve 1
nessus 1
prion
prion
Code injection
2007-06-21 10:30:00
cve
cve
CVE-2007-2398
2007-06-21 10:30:00
nessus
nessus
Safari < 3.1.1 Multiple Vulnerabilities
2008-04-18 00:00:00
JSON
Related for SECURITYVULNS:DOC:17715
prion1cve1nessus1